Hey folks, long time no write, but boy do I have a doozy. Recently, several of my sites hosted on Algiers has come under attack using an image folder injection exploit. It is VERY IMPORTANT that you login to your account via ftp or WebFTP (this exploit is especially common for those using SFTP & Shell account access) - navigate to your website(s)'s images folder & check for the following folder names (including another images subfolder):
2008
2009
2010
archives
cares
catalog
chapter
content
detalis
dirs
heeds
helps
images
info
looks
means
more
new
notes
notices
pub
read
records
threads
users
watchs

If you see ANY of the above folders or sitemap pages in your ‘images’ folder, it means that you have fallen prey to this injection exploit. I have already contacted DH for guidance, however no response as of yet. Each of the folders listed above contain numerous webpages usually with a prefix with the word ‘znakom-’ followed by a string of numbers (i.e. znakom-671.html)

Appears to be of russian origination. Let me know if you have also found similar files/folders on your site & report this to DH immediately. Any guidance would be appreciated.

UPDATE

The following websites have been compromised - if yours is listed, contact Dreamhost immediately & reference my trouble ticket (#4269962) (Image Folder Injection) in your support request (DO NOT CLICK ON ANY LINKS BELOW-REPORT TO DH: